Ariff:
If we Azure (only) Join the laptop, then we can't get full access to resources when docked on-campus (i.e. Group Policy, etc)?
So the only way forward would be to keep Credential Caching...
Dan:
You will be able to use Intune to manage them, but not traditional tools (GPO/SCCM).
-----Original Message-----
From: Support issues for windows in UK HE & FE <[log in to unmask]> On Behalf Of Ariff Hafid
Sent: 03 April 2020 11:43
To: [log in to unmask]
Subject: Re: Azure Hybrid Device Login for Laptops
CAUTION: This email originated from outside Edinburgh Napier University. Do not follow links or open attachments if you doubt the authenticity of the sender or the content.
You can't logon off-premise with hybrid joined, only Azure joined.
-----Original Message-----
From: Support issues for windows in UK HE & FE <[log in to unmask]> On Behalf Of Clem Clark
Sent: 03 April 2020 10:21
To: [log in to unmask]
Subject: Azure Hybrid Device Login for Laptops
Hi everyone,
Has anyone set up a hybrid domain joined device, specifically a laptop, where the user can log in when off-domain *without* using traditional cached credentials?
We have the following scenario:
- a AD domain joined laptop with on-prem access to all resources.
- the laptop is also Azure joined (shows as hybrid in Azure - note we have AD Connect setup with PHS).
- I can log in normally on-prem using domain\userid (or UPN).
- I *cannot* log in off-prem ("your domain could not be contacted"). Note, I am connected to WiFi!
I can get the last step to work using traditional cached credentials, but I would like to ditch that in favour of Azure AD auth. Is it possible?
Note that I can log into *non-AD joined devices* when off prem, so our Azure setup is capable of authenticating correctly.
Ideally I would like to move to UPN / Azure auth for on-prem and off, allowing users to have the same local profile. Maybe I'm approaching it the wrong way??
Thanks.
########################################################################
To unsubscribe from the WINDOWS-UK list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=WINDOWS-UK&A=1
########################################################################
To unsubscribe from the WINDOWS-UK list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=WINDOWS-UK&A=1
This message and its attachment(s) are intended for the addressee(s) only and should not be read, copied, disclosed, forwarded or relied upon by any person other than the intended addressee(s) without the permission of the sender. If you are not the intended addressee you must not take any action based on this message and its attachment(s) nor must you copy or show them to anyone. Please respond to the sender and ensure that this message and its attachment(s) are deleted.
It is your responsibility to ensure that this message and its attachment(s) are scanned for viruses or other defects. Edinburgh Napier University does not accept liability for any loss or damage which may result from this message or its attachment(s), or for errors or omissions arising after it was sent. Email is not a secure medium. Emails entering Edinburgh Napier University's system are subject to routine monitoring and filtering by Edinburgh Napier University.
Edinburgh Napier University is a registered Scottish charity. Registration number SC018373
########################################################################
To unsubscribe from the WINDOWS-UK list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=WINDOWS-UK&A=1
|